PT-2018-15339 · Castlenet · Castlenet Cbv38Z4Ec+2
Published 2018-12-23 · Updated 2019-10-03 · CVE-2018-20385
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CastleNet CBV38Z4EC version 125.553mp1.39219mp1.899.007
CastleNet CBV38Z4ECNIT version 125.553mp1.39219mp1.899.005ITT
CastleNet CBW383G4J version 37.556mp5.008
CastleNet CBW38G4J version 37.553mp1.008
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.
Recommendations
For CastleNet CBV38Z4EC version 125.553mp1.39219mp1.899.007, restrict access to the SNMP service to minimize the risk of exploitation.
For CastleNet CBV38Z4ECNIT version 125.553mp1.39219mp1.899.005ITT, consider disabling the SNMP protocol until a patch is available.
For CastleNet CBW383G4J version 37.556mp5.008, avoid using the vulnerable SNMP requests iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 until the issue is resolved.
For CastleNet CBW38G4J version 37.553mp1.008, limit network access to the device to reduce the risk of remote attacks.
Exploit
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Castlenet Cbv38Z4Ec
Castlenet Cbw383G4J
Castlenet Cbw38G4J